[Snort-devel] Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?

Matt Dillon dillon at ...146...
Fri Dec 8 02:38:09 EST 2000

:>     or with a redirect from tcpdump on a shell line,
:Assuming, as I suspect is the case, that they're using the same command
:on the OSes in question (or using "tcpdump" on FreeBSD and "windump" on
:Windows), that's also unlikely - it's just "{tcp,win}dump -w test.acp".

    It amounts to the same thing, since -w does nothing more than an
    fopen(..."w").  You get a piddly 8K buffer out of that, and it isn't
    even double buffered.

    But I think the last poster had it right... if the bpf buffer size
    was not changed from the default 4096, just about anything can interrupt
    the packet flow.

